Overview

• Forteil said attackers accessed identity verification materials collected in face-to-face videoident checks, including ID documents, addresses, and photos or videos.
• The company stated that passwords, account credentials, payment details, and Schufa credit data were not compromised.
• Bonify has notified users it believes were affected and is providing six months of free identity monitoring, advising vigilance for misuse and replacement of compromised IDs.
• The number of impacted users, the time window, and the point of compromise remain unclear, and reporters have seen no confirmed listings of the data for sale.
• Authorities including the Hesse data protection authority (HBDI), BaFin, and law enforcement are involved, and the role of third‑party KYC provider ID Now has not been determined.